It means you've got a security issue on the server side of your site. It could mean any of a number of things:

Your ftp connection isn't secure

Your hosts control panels security measures don't measure up

Your database security is lax/missing/easily circumvented.

If you're using a COTS product, there might be common problems which haven't been patched on your site.

Your server side coding is lax in preventing sql injections.

Is this a real situation, or are you looking for general ideas? If general, look at the different forums here (this one, database, whatever language your site is using)) and look there for topics which might meet your needs (the database forum has one dealing specifically with #5 above).

If it's a situation, you might need to provide more details so someone can point you in the direction of where to look to fix your issues.

hantaah
—
2013-04-25T17:19:43Z —
#3

yes it's a real situation, someone told me the backend was open http://www.sakeenaheducationcentre.comI know ftp is locked.My hosting is with poweredbypenguins and I'm guessing they are up to speed with security.How else can I know?

DaveMaxwell
—
2013-04-25T18:06:31Z —
#4

I would guess the issue is more with wordpress than your host.

ralphm
—
2013-04-26T00:01:11Z —
#5

hantaah said:

someone told me the backend was open

Unless they are prepared to give you some more information, I'll tell them to shut their own backend. Your login page is password protected. WP is normally not "open" (presumably meaning "publicly accessible").

dklynn
—
2013-04-26T05:26:05Z —
#6

han,

It's likely that the one telling you that you've been hacked is trying to use social engineering to gain your login details (easier than actually hacking a website). If that's not the case, you'd better be prepared to download your entire website and match it with your local version (WinMergeU and BCompare are both good at making comparisons and noting any differences). If you've been hacked, search here for the checklist of recovery tasks I'd posted some months ago.

Regards,

DK

hantaah
—
2013-04-26T10:37:48Z —
#7

dklynn said:

han,

It's likely that the one telling you that you've been hacked is trying to use social engineering to gain your login details (easier than actually hacking a website). If that's not the case, you'd better be prepared to download your entire website and match it with your local version (WinMergeU and BCompare are both good at making comparisons and noting any differences). If you've been hacked, search here for the checklist of recovery tasks I'd posted some months ago.

Regards,

DK

hmmm, well the person I did the website for, it's a member of their family. They commented to say they like the website but to tell me the backend is open so to look into it. The problem is I developed this online so don't have any local version

Pullo
—
2013-04-26T11:04:40Z —
#8

hantaah said:

The problem is I developed this online so don't have any local version

Oh man, you always need a backup. I really can't suggest strongly enough that you make one.

We'll be happy to give you some pointers if you don't know how.

hantaah
—
2013-04-26T11:11:39Z —
#9

Pullo said:

Oh man, you always need a backup. I really can't suggest strongly enough that you make one.

We'll be happy to give you some pointers if you don't know how.

Please if you could. I have backupafobia. I have a plug in called duplicate. Is that any good?

Pullo
—
2013-04-26T11:24:16Z —
#10

Nah, that plugin allows you to clone a post or page, or edit it as a new draft.

To back up your site, basically you need to do two things:

Backup your database(s)

Backup all of the assets (e.g. images, theme files etc.)

Let's start with point 1.You can either do this by loging into your hosting company's admin area and using whatever functionality the offer you (probably PHPMyAdmin)Or, installing a plugin, such as this one, which will do it for you.You might also want to read: http://codex.wordpress.org/Backing_Up_Your_Database

After that, the easiest way to get to your files, is to connect to your webspace, via FTP, find your root WP folder (it will contain folders such as "wp-admin" and "wp-content"), then just copy this to your local PC.If you don't have FTP access for whatever reason, there is a plugin that claims to do it for you.You might also want to read: http://codex.wordpress.org/WordPress_Backups

And that's it.

Personally, I do both of these things by hand, so I can't recommend the plugin as I simply haven't used it.

Anyone else?

hantaah
—
2013-04-26T11:33:58Z —
#11

oh that sounds easy. I'll wait for a recommendation on that plug. Otherwise where do I go in phpadmin to back up?

To copy my root do I copy the public_html and all inside that?

Pullo
—
2013-04-26T11:38:39Z —
#12

hantaah said:

Otherwise where do I go in phpadmin to back up?

In PHPMyAdmin, select the db, click the tab marked "Export", keep the defaults, but choose "Save as file" (this might be hidden under "Advanced options" or something), and that's it.

hantaah said:

To copy my root do I copy the public_html and all inside that?

It can't hurt to have a backup of everything on the server.Strictly speaking all you need is the directory titled "wp-content", but I would go one level above that, then you've got a copy of everything related to the WP install.

HTH

hantaah
—
2013-04-26T11:53:35Z —
#13

easy peezy! I didn't even need to access phpmyadmin as they had a backup button in my control panel so I clicked that and it saved to my pc in a .txt ( hope that's right )Plus now in the process of transfering all files via ftp...

Thanks I'm now backed up and about to do the same for all my other sites!

Pullo
—
2013-04-26T12:02:35Z —
#14

hantaah said:

they had a backup button in my control panel so I clicked that and it saved to my pc in a .txt ( hope that's right )

Yup, it should be a plain text file.It is probably worth opening it and searching for a string that you know you added to the site recently.E.g. When I back up my DB after updating my blog, I open the backup file and search for the title of my last blog post. that way you know that you have got the latest version.

hantaah said:

Thanks I'm now backed up and about to do the same for all my other sites!

Good on you!

dklynn
—
2013-04-28T10:57:33Z —
#15

Don't forget to password protect your "backend"!!! Use the password your host can generate for you OR use a strong one from strongpasswordgenerator.com.

Regards,

DK

webcosmo
—
2013-05-01T21:17:28Z —
#16

Your host has nothing to do with the security of your backend; by being open it means its vulnerable to attacks, so you should be looking for an upgrade to the CMS youre using.

hantaah
—
2013-05-01T21:53:31Z —
#17

I see, will mke sure I keep updating!

@pullo if I want to take this back up I did of the database and files and put it onto a sub directory, how do I do thast? Do you know of a tutorial that I can follow?

Pullo
—
2013-05-02T09:40:54Z —
#18

hantaah said:

@pullo if I want to take this back up I did of the database and files and put it onto a sub directory, how do I do thast? Do you know of a tutorial that I can follow?

Not sure I follow you.Could you elaborate a little on what you are trying to do.

On a separate note, I almost didn't see this question.If you want to get someone's attention you can mention them by writing an at sign "@" followed by the user name "pullo" a space " " and a semicolon ";"

This will then show up in that person's notifications when they log in.

TechnoBear
—
2013-05-02T10:25:05Z —
#19

[ot]

Pullo said:

On a separate note, I almost didn't see this question.If you want to get someone's attention you can mention them by writing an at sign "@" followed by the user name "pullo" a space " " and a semicolon ";"

you helped me make a back up ( above ) so I have a plain text file of the data base and all the files from the public_html. So I now want to take all this and place it on my new url but on a sub directory. I though to do this so that if any of muy clients don't keep their hoting going then I can still link to my work ( fully working )